Eight new vulnerabilities have been identified in the SolarWinds Access Rights Manager (ARM) tool, three of which are rated critical. On unpatched systems, these vulnerabilities could allow attackers to obtain the highest level of privilege. SolarWinds, a broad IT management platform, plays a significant role in corporate networks because it monitors and controls crucial components. Its ARM tool, which administrators use to manage and audit user access rights to data, files, and systems, exemplifies that reach.
Trend Micro's Zero Day Initiative (ZDI) disclosed a series of vulnerabilities in ARM, rated as 'High' and 'Critical'. According to Dustin Childs, the head of threat awareness at ZDI, the most severe of these bugs could allow a remote unauthenticated attacker to execute arbitrary code at the system level. He stated, "The most severe of these bugs would allow a remote unauthenticated attacker to execute arbitrary code at system level. They could completely take over an affected system. While we did not look at exploitability, the potential of these vulnerabilities is about as bad as it gets."
Two of the eight vulnerabilities, CVE-2023-35181 and CVE-2023-35183, allow unauthorized users to abuse local resources and incorrect folder permissions to escalate privileges locally. These were assigned a 'High' severity rating of 7.8 out of 10. Three others, CVE-2023-35180, CVE-2023-35184, and CVE-2023-35186, rated 8.8 out of 10 by Trend Micro, could allow users to exploit a SolarWinds service or the ARM API to achieve remote code execution (RCE).
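Incorrect folder permissions on an application's install tree are the usual root cause of the local privilege escalation class described above: if a low-privileged user can write into a directory that a SYSTEM-level service reads from, the service's privilege becomes theirs. The following PowerShell script is an added defensive check, not code from the article or from SolarWinds. It walks a directory tree and reports any Allow ACE that grants write, modify, delete or permission-changing rights to broad principals such as Everyone or BUILTIN\Users. The install path is a placeholder; the list of principals and the rights mask are the script's own assumptions and can be tuned to local policy.

```powershell
# Added example (not from the article or SolarWinds): audit a directory tree
# for ACL entries that give "any local user" principals write-class rights.
# $InstallRoot is a placeholder; point it at the install directory to audit.
param(
    [string]$InstallRoot = 'C:\PLACEHOLDER\Install\Dir'
)

# Principals that effectively mean "any user who can log on" (assumed list).
$BroadPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Rights that let a principal alter content, metadata, or the ACL itself.
$DangerousRights = 0
foreach ($r in 'Write', 'Modify', 'FullControl', 'Delete',
               'ChangePermissions', 'TakeOwnership', 'DeleteSubdirectoriesAndFiles') {
    $DangerousRights = $DangerousRights -bor [int]([System.Security.AccessControl.FileSystemRights]$r)
}
# Inherited ACEs may carry un-mapped generic rights: GENERIC_ALL and GENERIC_WRITE.
$DangerousRights = $DangerousRights -bor 0x10000000 -bor 0x40000000

function Test-WeakFolderAcl {
    param([string]$Path)
    $findings = @()
    # Audit the root and every subdirectory; inherited ACEs are included on purpose,
    # because inheritance from a permissive parent is a common source of the problem.
    $dirs = @(Get-Item -LiteralPath $Path) +
            @(Get-ChildItem -LiteralPath $Path -Directory -Recurse -ErrorAction SilentlyContinue)
    foreach ($dir in $dirs) {
        $acl = Get-Acl -LiteralPath $dir.FullName
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
            if (([int]$ace.FileSystemRights -band $DangerousRights) -eq 0) { continue }
            $findings += [pscustomobject]@{
                Path      = $dir.FullName
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
    return $findings
}

$weak = @(Test-WeakFolderAcl -Path $InstallRoot)
if ($weak.Count -eq 0) {
    Write-Output "No broad write access found under $InstallRoot"
} else {
    Write-Output "Broad write access found under $InstallRoot (review and tighten):"
    $weak | Format-Table -AutoSize
}
```

Run it from an elevated prompt so that every subdirectory's ACL can be read. Any hit is worth reviewing even after the vendor patch is applied: a directory writable by all users next to a SYSTEM service is a weakness regardless of which product owns it.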
The most alarming vulnerabilities are three RCE vulnerabilities, CVE-2023-35182, CVE-2023-35185, and CVE-2023-35187, each assigned a 'critical' 9.8 rating by Trend Micro. In each case, a lack of proper validation for the methods createGlobalServerChannelInternal, OpenFile, and OpenClientUpdateFile could enable attackers to run arbitrary code at the SYSTEM level, the highest possible level of privilege on a Windows machine. These three vulnerabilities do not require prior authentication for exploitation.
SolarWinds has released a new ARM version 2023.2.1, which resolves all eight vulnerabilities. SolarWinds clients are urged to apply the patch immediately.